Network Working Group                                            R. Bush
Internet-Draft                                 Internet Initiative Japan
Intended status: Standards Track                               B. Wijnen
Expires: May 3, 2012                                            RIPE NCC
                                                                K. Patel
                                                           Cisco Systems
                                                                 M. Baer
                                                                  SPARTA
                                                        October 31, 2011


        Definitions of Managed Objects for the RPKI-Router Protocol
                  draft-ymbk-rpki-rtr-protocol-mib-02

Abstract

   This document defines a portion of the Management Information Base
   (MIB) for use with network management protocols in the Internet
   community.  In particular, it describes objects used for monitoring
   the RPKI Router protocol.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 3, 2012.

Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Requirements Language
   2.  Internet-Standard Management Framework
   3.  Overview
   4.  Definitions
   5.  IANA Considerations
   6.  Security Considerations
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Authors' Addresses

1.  Introduction

   This document defines a portion of the Management Information Base
   (MIB) for use with network management protocols in the Internet
   community.  In particular, it defines objects used for monitoring the
   RPKI Router protocol [I-D.ietf-sidr-rpki-rtr].

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   RFC 2119 [RFC2119].

2.  Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   [RFC3410].  Managed objects are accessed via a virtual information
   store, termed the Management Information Base or MIB.  MIB objects
   are generally accessed through the Simple Network Management Protocol
   (SNMP).  Objects in the MIB are defined using the mechanisms defined
   in the Structure of Management Information (SMI).  This document
   specifies a MIB module that is compliant with SMIv2, which is
   described in STD 58: [RFC2578], [RFC2579] and [RFC2580].

3.  Overview

   The objects defined in this document are used to monitor the RPKI
   Router protocol [I-D.ietf-sidr-rpki-rtr].
   The MIB module defined in this draft is broken into three tables: the
   RPKI Router Cache Server (connection) Table, the RPKI Router Cache
   Server Errors Table, and the RPKI Router Prefix Origin Table.

   The RPKI Router Cache Server Table contains information about the
   state and current activity of the connections to RPKI Router Cache
   Servers.  It also contains counters for the number of messages
   received and sent, plus the number of announcements, withdrawals and
   active records.  The RPKI Router Cache Server Errors Table contains
   counters of the errors (if any) that occurred on each connection.
   The RPKI Router Prefix Origin Table contains IP prefixes with their
   minimum and maximum prefix lengths and the Origin AS.  This data is
   the collective set of information received from all RPKI Cache
   Servers that the router is connected to; each entry carries the ID of
   the connection it was learned over.  The Cache Servers run the RPKI
   Router protocol.

   Two notifications have been defined to inform a Network Management
   Station (NMS) or operators about a change in the state of a
   connection listed in the RPKI Router Cache Server (Connection) Table,
   and about a connection whose data is about to go stale because its
   refresh is due.

4.  Definitions

   The following MIB module imports definitions from [RFC2578],
   [RFC2579] and [RFC2580] (STD 58), [RFC4001] and [RFC2287].  That
   means this document has a normative reference to those documents.

   The MIB module also has a normative reference to the RPKI Router
   protocol [I-D.ietf-sidr-rpki-rtr].  Furthermore, for background and
   informative information, the MIB module refers to [RFC1982],
   [RFC2385], [RFC4252], [RFC5246] and [RFC5925].
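   The index and cross-reference rules sketched above determine how an
   NMS or a monitoring script has to build and take apart instance
   identifiers when it walks these tables, and how it ties a prefix
   origin row back to the connection it came from.  The Python program
   below is an editorial example added to this page; it is not code from
   the draft nor from any rpki-rtr or SNMP implementation.  It encodes
   and decodes the rpkiRtrCacheServerTable and rpkiRtrPrefixOriginTable
   instance indexes following the RFC 2578 rule for a non-IMPLIED,
   variable-length InetAddress (a length sub-identifier followed by one
   sub-identifier per octet), joins prefix origin rows to their cache
   server connection through rpkiRtrCacheServerId, compares
   rpkiRtrCacheServerLatestSerial values with RFC 1982 serial arithmetic
   so the wrap to zero the object description mentions is handled, and
   classifies rpkiRtrCacheServerTimeToRefresh the way the object
   description defines it.  The row classes, function names, the port
   number 323 and all addresses and ASNs are constructed for the example.

```python
"""Editorial example for RPKI-RTR-MIB rows; not code from the draft."""
import ipaddress
from dataclasses import dataclass

# InetAddressType values (RFC 4001); both tables allow only ipv4(1), ipv6(2).
IPV4, IPV6 = 1, 2
ADDR_LEN = {IPV4: 4, IPV6: 16}


def encode_cache_server_index(remote_addr, remote_port):
    """Instance sub-ids for INDEX { AddressType, RemoteAddress, RemotePort }.
    RemoteAddress is a non-IMPLIED, variable-length InetAddress (SIZE(4|16)),
    so RFC 2578 sect. 7.7 encodes it as its length then one sub-id per octet."""
    ip = ipaddress.ip_address(remote_addr)
    if not 1 <= remote_port <= 65535:
        raise ValueError("InetPortNumber must be in 1..65535")
    atype = IPV4 if ip.version == 4 else IPV6
    return (atype, len(ip.packed), *ip.packed, remote_port)


def decode_cache_server_index(subids):
    """Inverse of encode_cache_server_index; rejects a malformed instance
    instead of silently mis-parsing a walk result."""
    if len(subids) < 2 or subids[0] not in ADDR_LEN:
        raise ValueError("unsupported rpkiRtrCacheServerAddressType")
    atype, n = subids[0], subids[1]
    if n != ADDR_LEN[atype] or len(subids) != 2 + n + 1:
        raise ValueError("address length does not match address type")
    port = subids[2 + n]
    if not 1 <= port <= 65535:
        raise ValueError("InetPortNumber out of range")
    return str(ipaddress.ip_address(bytes(subids[2:2 + n]))), port


def encode_prefix_origin_index(prefix):
    """Instance sub-ids for INDEX { AddressType, Address, MinLength } of
    rpkiRtrPrefixOriginTableEntry.  strict=True refuses a prefix with host
    bits set, which no ROA-derived record can have."""
    net = ipaddress.ip_network(prefix, strict=True)
    atype = IPV4 if net.version == 4 else IPV6
    packed = net.network_address.packed
    return (atype, len(packed), *packed, net.prefixlen)


def serial_after(a, b, bits=32):
    """RFC 1982 serial arithmetic: True if serial a is newer than b.
    rpkiRtrCacheServerLatestSerial wraps to zero, so a plain a > b would
    call a freshly wrapped serial older than the one before it."""
    half = 1 << (bits - 1)
    return a != b and ((a > b and a - b < half) or (a < b and b - a > half))


@dataclass(frozen=True)
class CacheServerRow:             # subset of rpkiRtrCacheServerTableEntry
    remote_addr: str
    remote_port: int
    conn_id: int                  # rpkiRtrCacheServerId
    time_to_refresh: int          # rpkiRtrCacheServerTimeToRefresh


@dataclass(frozen=True)
class PrefixOriginRow:            # subset of rpkiRtrPrefixOriginTableEntry
    prefix: str                   # Address/MinLength in CIDR form
    max_length: int               # rpkiRtrPrefixOriginMaxLength
    asn: int                      # rpkiRtrPrefixOriginASN
    cache_server_id: int          # rpkiRtrPrefixOriginCacheServerId


def join_prefixes_to_servers(prefix_rows, server_rows):
    """Map each prefix-origin row to the (addr, port) of the connection it
    was learned over.  A cache_server_id matching no connection is a
    cross-table inconsistency; it maps to None rather than being dropped."""
    by_id = {s.conn_id: (s.remote_addr, s.remote_port) for s in server_rows}
    joined = {}
    for p in prefix_rows:
        net = ipaddress.ip_network(p.prefix, strict=True)
        if not net.prefixlen <= p.max_length <= net.max_prefixlen:
            raise ValueError(f"{p.prefix}: MaxLength {p.max_length} invalid")
        joined[(p.prefix, p.max_length, p.asn)] = by_id.get(p.cache_server_id)
    return joined


def refresh_state(time_to_refresh, warn_below=60):
    """Read rpkiRtrCacheServerTimeToRefresh the way the draft defines it."""
    if time_to_refresh < 0:
        return "overdue"       # refresh time passed, refresh not completed
    if time_to_refresh < warn_below:
        return "going-stale"   # suggested ConnectionToGoStale threshold
    return "fresh"


# Constructed sample rows for the example, not data from any router.
SAMPLE_SERVERS = [CacheServerRow("192.0.2.10", 323, 1, 120),
                  CacheServerRow("2001:db8::10", 323, 2, -7)]
SAMPLE_PREFIXES = [PrefixOriginRow("198.51.100.0/24", 24, 64496, 1),
                   PrefixOriginRow("2001:db8:100::/48", 56, 64497, 2)]
```

   Calling encode_cache_server_index("192.0.2.10", 323) yields the
   sub-identifiers 1.4.192.0.2.10.323, which is the suffix an NMS
   appends to each column OID of rpkiRtrCacheServerTableEntry to fetch
   that row; join_prefixes_to_servers(SAMPLE_PREFIXES, SAMPLE_SERVERS)
   resolves every prefix back to the cache it was learned from, and a
   prefix whose rpkiRtrPrefixOriginCacheServerId matches no connection
   is surfaced rather than silently discarded, since that is the
   condition an operator most needs to see.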
RPKI-RTR-MIB DEFINITIONS ::= BEGIN

IMPORTS

    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
    Integer32, Unsigned32, mib-2, Gauge32, Counter32
        FROM SNMPv2-SMI                                -- RFC2578

    InetAddressType, InetAddress, InetPortNumber,
    InetAddressPrefixLength, InetAutonomousSystemNumber
        FROM INET-ADDRESS-MIB                          -- RFC4001

    TEXTUAL-CONVENTION, TimeStamp
        FROM SNMPv2-TC                                 -- RFC2579

    MODULE-COMPLIANCE, OBJECT-GROUP, NOTIFICATION-GROUP
        FROM SNMPv2-CONF                               -- RFC2580

    LongUtf8String FROM SYSAPPL-MIB                    -- RFC2287

    ;

rpkiRtrMIB MODULE-IDENTITY
    LAST-UPDATED "201110140000Z"
    ORGANIZATION "IETF Secure Inter-Domain Routing (SIDR)
                  Working Group
                 "
    CONTACT-INFO "Working Group Email: sidr@ietf.org

                  Randy Bush
                  Internet Initiative Japan
                  5147 Crystal Springs
                  Bainbridge Island, Washington, 98110
                  USA
                  Email: randy@psg.com

                  Bert Wijnen
                  RIPE NCC
                  Schagen 33
                  3461 GL Linschoten
                  Netherlands
                  Email: bertietf@bwijnen.net

                  Keyur Patel
                  Cisco Systems
                  170 W. Tasman Drive
                  San Jose, CA 95134
                  USA
                  Email: keyupate@cisco.com

                  Michael Baer
                  SPARTA
                  P.O. Box 72682
                  Davis, CA 95617
                  USA
                  Email: michael.baer@sparta.com
                 "
    DESCRIPTION  "This MIB module contains management objects to
                  support monitoring of the RPKI Router protocol
                  (the protocol between a router and its Resource
                  Public Key Infrastructure (RPKI) cache servers).

                  Copyright (c) 2011 IETF Trust and the persons
                  identified as authors of the code.  All rights
                  reserved.

                  Redistribution and use in source and binary
                  forms, with or without modification, is
                  permitted pursuant to, and subject to the
                  license terms contained in, the Simplified BSD
                  License set forth in Section 4.c of the IETF
                  Trust's Legal Provisions Relating to IETF
                  Documents (http://trustee.ietf.org/license-info).

                  This version of this MIB module is part of
                  RFCxxxx; see the RFC itself for full legal
                  notices.
                 "
    REVISION     "201110140000Z"
    DESCRIPTION  "Initial version, published as RFCxxxx."
    -- Note to RFC Editor: pls fill in above (2 times) RFC
    -- number for xxxx and delete these 2 lines.
    ::= { mib-2 XXX }  -- XXX to be assigned by IANA

rpkiRtrNotifications OBJECT IDENTIFIER ::= { rpkiRtrMIB 0 }
rpkiRtrObjects       OBJECT IDENTIFIER ::= { rpkiRtrMIB 1 }
rpkiRtrConformance   OBJECT IDENTIFIER ::= { rpkiRtrMIB 2 }

-- ==============================================================
-- Textual Conventions used in this MIB module
-- ==============================================================

RpkiRtrConnectionType ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION "The connection type or transport security suite
                 (transport plus security mechanism) used between
                 a router (as a client) and a cache server.

                 The following types have been defined in RFCnnnn:
    -- RFC Editor: pls fill out RFCnnnn number that will be or has
    -- been assigned to draft-ietf-sidr-rpki-rtr-nn.txt
                 ssh(1)    - sect 7.1, see also RFC4252.
                 tls(2)    - sect 7.2, see also RFC5246.
                 tcpMD5(3) - sect 7.3, see also RFC2385.
                 tcpAO(4)  - sect 7.4, see also RFC5925.
                 tcp(5)    - sect 7 (plain TCP, no transport security).
                 ipsec(6)  - sect 7, see also RFC4301.
                 other(7)  - none of the above
                "
    REFERENCE   "The RPKI/Rtr Protocol, RFCnnnn - section 7"
    -- RFC Editor: pls fill out RFCnnnn number that will be or has been
    -- assigned to draft-ietf-sidr-rpki-rtr-nn.txt
    SYNTAX       INTEGER {
                     ssh(1),
                     tls(2),
                     tcpMD5(3),
                     tcpAO(4),
                     tcp(5),
                     ipsec(6),
                     other(7)
                 }

-- ==============================================================
-- Scalar objects
-- ==============================================================
rpkiRtrDiscontinuityTimer OBJECT-TYPE
    SYNTAX       TimeStamp
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The value of sysUpTime at which any of the
                 Counter32 objects in this MIB module last
                 encountered a discontinuity.

                 In principle that should only happen if the
                 SNMP agent or the instrumentation for this
                 MIB module (re-)starts."
    ::= { rpkiRtrObjects 1 }

-- ==============================================================
-- RPKI Router Cache Server Connection Table
-- ==============================================================

rpkiRtrCacheServerTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF RpkiRtrCacheServerTableEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "This table lists the RPKI cache servers
                 known to this router/system."
    ::= { rpkiRtrObjects 2 }

rpkiRtrCacheServerTableEntry OBJECT-TYPE
    SYNTAX       RpkiRtrCacheServerTableEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "An entry in the rpkiRtrCacheServerTable.
                 It holds management attributes associated
                 with one connection to an RPKI cache server."
    INDEX      { rpkiRtrCacheServerAddressType,
                 rpkiRtrCacheServerRemoteAddress,
                 rpkiRtrCacheServerRemotePort
               }
    ::= { rpkiRtrCacheServerTable 1 }

RpkiRtrCacheServerTableEntry ::= SEQUENCE {
    rpkiRtrCacheServerAddressType       InetAddressType,
    rpkiRtrCacheServerRemoteAddress     InetAddress,
    rpkiRtrCacheServerRemotePort        InetPortNumber,
    rpkiRtrCacheServerLocalAddress      InetAddress,
    rpkiRtrCacheServerLocalPort         InetPortNumber,
    rpkiRtrCacheServerPreference        Unsigned32,
    rpkiRtrCacheServerConnectionType    RpkiRtrConnectionType,
    rpkiRtrCacheServerConnectionStatus  INTEGER,
    rpkiRtrCacheServerDescription       LongUtf8String,
    rpkiRtrCacheServerMsgsReceived      Counter32,
    rpkiRtrCacheServerMsgsSent          Counter32,
    rpkiRtrCacheServerV4ActiveRecords   Gauge32,
    rpkiRtrCacheServerV4Announcements   Counter32,
    rpkiRtrCacheServerV4Withdrawals     Counter32,
    rpkiRtrCacheServerV6ActiveRecords   Gauge32,
    rpkiRtrCacheServerV6Announcements   Counter32,
    rpkiRtrCacheServerV6Withdrawals     Counter32,
    rpkiRtrCacheServerLatestSerial      Unsigned32,
    rpkiRtrCacheServerNonce             Unsigned32,
    rpkiRtrCacheServerRefreshTimer      Unsigned32,
    rpkiRtrCacheServerTimeToRefresh     Integer32,
    rpkiRtrCacheServerId                Unsigned32
}

rpkiRtrCacheServerAddressType OBJECT-TYPE
    SYNTAX       InetAddressType { ipv4(1), ipv6(2) }
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "The network address type of the connection
                 to this RPKI cache server.

                 Only IPv4 and IPv6 are supported."
    ::= { rpkiRtrCacheServerTableEntry 1 }

rpkiRtrCacheServerRemoteAddress OBJECT-TYPE
    SYNTAX       InetAddress (SIZE(4|16))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "The remote network address for this connection
                 to this RPKI cache server.

                 The format of the address is defined by the
                 value of the corresponding instance of
                 rpkiRtrCacheServerAddressType."
    ::= { rpkiRtrCacheServerTableEntry 2 }

rpkiRtrCacheServerRemotePort OBJECT-TYPE
    SYNTAX       InetPortNumber (1..65535)
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "The remote port number for this connection
                 to this RPKI cache server."
    ::= { rpkiRtrCacheServerTableEntry 3 }

rpkiRtrCacheServerLocalAddress OBJECT-TYPE
    SYNTAX       InetAddress (SIZE(4|16))
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The local network address for this connection
                 to this RPKI cache server.

                 The format of the address is defined by the
                 value of the corresponding instance of
                 rpkiRtrCacheServerAddressType."
    ::= { rpkiRtrCacheServerTableEntry 4 }

rpkiRtrCacheServerLocalPort OBJECT-TYPE
    SYNTAX       InetPortNumber (1..65535)
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The local port number for this connection
                 to this RPKI cache server."
    ::= { rpkiRtrCacheServerTableEntry 5 }

rpkiRtrCacheServerPreference OBJECT-TYPE
    SYNTAX       Unsigned32 (0..255)
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The router's preference for this
                 RPKI cache server.

                 A lower value means more preferred.  If two
                 entries have the same preference, then the
                 order is arbitrary.

                 If no order is specified in the configuration
                 then this value is set to 255."
    REFERENCE   "The RPKI/Rtr Protocol, RFCnnnn - section 8."
    -- RFC-Editor: pls update RFCnnnn with the actual RFC number
    -- assigned to draft-ietf-sidr-rpki-rtr-nn.txt
    ::= { rpkiRtrCacheServerTableEntry 6 }

rpkiRtrCacheServerConnectionType OBJECT-TYPE
    SYNTAX       RpkiRtrConnectionType
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The connection type or transport security suite
                 in use for this RPKI cache server."
    ::= { rpkiRtrCacheServerTableEntry 7 }

rpkiRtrCacheServerConnectionStatus OBJECT-TYPE
    SYNTAX       INTEGER { up(1), down(2) }
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The connection status for this entry
                 (connection to this RPKI cache server)."
    ::= { rpkiRtrCacheServerTableEntry 8 }

rpkiRtrCacheServerDescription OBJECT-TYPE
    SYNTAX       LongUtf8String
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "Free form description/information for this
                 connection to this RPKI cache server."
    ::= { rpkiRtrCacheServerTableEntry 9 }

rpkiRtrCacheServerMsgsReceived OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "Number of messages received from this
                 RPKI cache server via this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerTableEntry 10 }

rpkiRtrCacheServerMsgsSent OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "Number of messages sent to this
                 RPKI cache server via this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerTableEntry 11 }

rpkiRtrCacheServerV4ActiveRecords OBJECT-TYPE
    SYNTAX       Gauge32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "Number of active IPv4 records received from
                 this RPKI cache server via this connection."
    ::= { rpkiRtrCacheServerTableEntry 12 }

rpkiRtrCacheServerV4Announcements OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of IPv4 records announced by the
                 RPKI cache server via this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerTableEntry 13 }

rpkiRtrCacheServerV4Withdrawals OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of IPv4 records withdrawn by the
                 RPKI cache server via this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerTableEntry 14 }

rpkiRtrCacheServerV6ActiveRecords OBJECT-TYPE
    SYNTAX       Gauge32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "Number of active IPv6 records received from
                 this RPKI cache server via this connection."
    ::= { rpkiRtrCacheServerTableEntry 15 }

rpkiRtrCacheServerV6Announcements OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of IPv6 records announced by the
                 RPKI cache server via this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerTableEntry 16 }

rpkiRtrCacheServerV6Withdrawals OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of IPv6 records withdrawn by the
                 RPKI cache server via this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerTableEntry 17 }

rpkiRtrCacheServerLatestSerial OBJECT-TYPE
    SYNTAX       Unsigned32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The latest serial number of data received from
                 this RPKI server on this connection.

                 Note: this value wraps back to zero when it
                 reaches its maximum value."
    REFERENCE   "RFCnnnn section 2 and RFC1982"
    -- RFC-Editor: please fill out nnnn with the RFC number assigned
    -- to draft-ietf-sidr-rpki-rtr-nn.txt
    ::= { rpkiRtrCacheServerTableEntry 18 }

rpkiRtrCacheServerNonce OBJECT-TYPE
    SYNTAX       Unsigned32 (0..65535)
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The nonce associated with the RPKI cache server
                 at the other end of this connection."
    REFERENCE   "RFCnnnn section 2"
    ::= { rpkiRtrCacheServerTableEntry 19 }

rpkiRtrCacheServerRefreshTimer OBJECT-TYPE
    SYNTAX       Unsigned32 (60..7200)
    UNITS        "seconds"
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of seconds configured for the refresh
                 timer for this connection to this RPKI cache
                 server."
    ::= { rpkiRtrCacheServerTableEntry 20 }

rpkiRtrCacheServerTimeToRefresh OBJECT-TYPE
    SYNTAX       Integer32
    UNITS        "seconds"
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of seconds remaining before a new
                 refresh is performed via a Serial Query to
                 this cache server over this connection.

                 A negative value means that the refresh time
                 passed this many seconds ago and the refresh
                 has not yet been completed.

                 Upon a completed refresh (i.e. a successful
                 and complete response to a Serial Query) the
                 value of this attribute will be re-initialized
                 with the value of the corresponding
                 rpkiRtrCacheServerRefreshTimer attribute."
    ::= { rpkiRtrCacheServerTableEntry 21 }

rpkiRtrCacheServerId OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The unique ID for this connection.

                 An implementation must make sure this ID is unique
                 within this table.  It is this ID that can be used
                 to find entries in the rpkiRtrPrefixOriginTable
                 that were created by announcements received on this
                 connection from this cache server."
    ::= { rpkiRtrCacheServerTableEntry 22 }

-- ==============================================================
-- Errors Table
-- ==============================================================

rpkiRtrCacheServerErrorsTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF RpkiRtrCacheServerErrorsTableEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "This table provides statistics on errors per
                 RPKI peer connection.  These can be used for
                 debugging."
    ::= { rpkiRtrObjects 3 }

rpkiRtrCacheServerErrorsTableEntry OBJECT-TYPE
    SYNTAX       RpkiRtrCacheServerErrorsTableEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "An entry in the rpkiRtrCacheServerErrorsTable.  It
                 holds management objects associated with errors
                 that were detected for the specified connection to
                 a specific cache server."
    AUGMENTS   { rpkiRtrCacheServerTableEntry }
    ::= { rpkiRtrCacheServerErrorsTable 1 }

RpkiRtrCacheServerErrorsTableEntry ::= SEQUENCE {
    rpkiRtrCacheServerErrorsCorruptData          Counter32,
    rpkiRtrCacheServerErrorsInternalError        Counter32,
    rpkiRtrCacheServerErrorsNoData               Counter32,
    rpkiRtrCacheServerErrorsInvalidRequest       Counter32,
    rpkiRtrCacheServerErrorsUnsupportedVersion   Counter32,
    rpkiRtrCacheServerErrorsUnsupportedPdu       Counter32,
    rpkiRtrCacheServerErrorsWithdrawalUnknown    Counter32,
    rpkiRtrCacheServerErrorsDuplicateAnnounce    Counter32
}

rpkiRtrCacheServerErrorsCorruptData OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of 'Corrupt Data' errors received
                 from the RPKI cache server at the other end
                 of this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerErrorsTableEntry 1 }

rpkiRtrCacheServerErrorsInternalError OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of 'Internal Error' errors received
                 from the RPKI cache server at the other end
                 of this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerErrorsTableEntry 2 }

rpkiRtrCacheServerErrorsNoData OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of 'No Data Available' errors received
                 from the RPKI cache server at the other end
                 of this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerErrorsTableEntry 3 }

rpkiRtrCacheServerErrorsInvalidRequest OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of 'Invalid Request' errors received
                 from the RPKI cache server at the other end
                 of this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerErrorsTableEntry 4 }

rpkiRtrCacheServerErrorsUnsupportedVersion OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of 'Unsupported Protocol Version'
                 errors received from the RPKI cache server at
                 the other end of this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerErrorsTableEntry 5 }

rpkiRtrCacheServerErrorsUnsupportedPdu OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of 'Unsupported PDU Type' errors
                 received from the RPKI cache server at the
                 other end of this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerErrorsTableEntry 6 }

rpkiRtrCacheServerErrorsWithdrawalUnknown OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of 'Withdrawal of Unknown Record'
                 errors received from the RPKI cache server at
                 the other end of this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerErrorsTableEntry 7 }

rpkiRtrCacheServerErrorsDuplicateAnnounce OBJECT-TYPE
    SYNTAX       Counter32
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The number of 'Duplicate Announcement Received'
                 errors received from the RPKI cache server at
                 the other end of this connection.

                 Discontinuities are indicated by the value
                 of rpkiRtrDiscontinuityTimer."
    ::= { rpkiRtrCacheServerErrorsTableEntry 8 }

-- ==============================================================
-- The rpkiRtrPrefixOriginTable (was referred to as ROATable in an
-- earlier version of this table)
-- ==============================================================

rpkiRtrPrefixOriginTable OBJECT-TYPE
    SYNTAX       SEQUENCE OF RpkiRtrPrefixOriginTableEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "This table lists the prefixes that were
                 announced by RPKI cache servers to this system.
                 That is, the prefixes and their Origin ASN
                 as received in announcements via the
                 rpki-rtr protocol."
    ::= { rpkiRtrObjects 4 }

rpkiRtrPrefixOriginTableEntry OBJECT-TYPE
    SYNTAX       RpkiRtrPrefixOriginTableEntry
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "An entry in the rpkiRtrPrefixOriginTable.
                 This represents one announced prefix."
    INDEX      { rpkiRtrPrefixOriginAddressType,
                 rpkiRtrPrefixOriginAddress,
                 rpkiRtrPrefixOriginMinLength
               }
    ::= { rpkiRtrPrefixOriginTable 1 }

RpkiRtrPrefixOriginTableEntry ::= SEQUENCE {
    rpkiRtrPrefixOriginAddressType     InetAddressType,
    rpkiRtrPrefixOriginAddress         InetAddress,
    rpkiRtrPrefixOriginMinLength       InetAddressPrefixLength,
    rpkiRtrPrefixOriginMaxLength       InetAddressPrefixLength,
    rpkiRtrPrefixOriginASN             InetAutonomousSystemNumber,
    rpkiRtrPrefixOriginCacheServerId   Unsigned32
}

rpkiRtrPrefixOriginAddressType OBJECT-TYPE
    SYNTAX       InetAddressType { ipv4(1), ipv6(2) }
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "The network address type for this prefix.

                 Only IPv4 and IPv6 are supported."
    ::= { rpkiRtrPrefixOriginTableEntry 1 }

rpkiRtrPrefixOriginAddress OBJECT-TYPE
    SYNTAX       InetAddress (SIZE(4|16))
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "The network address for this prefix.

                 The format of the address is defined by the
                 value of the corresponding instance of
                 rpkiRtrPrefixOriginAddressType."
    ::= { rpkiRtrPrefixOriginTableEntry 2 }

rpkiRtrPrefixOriginMinLength OBJECT-TYPE
    SYNTAX       InetAddressPrefixLength
    MAX-ACCESS   not-accessible
    STATUS       current
    DESCRIPTION "The minimum prefix length allowed for this prefix."
    ::= { rpkiRtrPrefixOriginTableEntry 3 }

rpkiRtrPrefixOriginMaxLength OBJECT-TYPE
    SYNTAX       InetAddressPrefixLength
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The maximum prefix length allowed for this prefix.

                 Note, this value must be greater than or equal to
                 the value of rpkiRtrPrefixOriginMinLength."
    ::= { rpkiRtrPrefixOriginTableEntry 4 }

rpkiRtrPrefixOriginASN OBJECT-TYPE
    SYNTAX       InetAutonomousSystemNumber
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The ASN that is authorized to announce the
                 prefix or sub-prefixes covered by this entry."
    ::= { rpkiRtrPrefixOriginTableEntry 5 }

rpkiRtrPrefixOriginCacheServerId OBJECT-TYPE
    SYNTAX       Unsigned32 (1..4294967295)
    MAX-ACCESS   read-only
    STATUS       current
    DESCRIPTION "The unique ID of the connection to the cache
                 server from which this announcement was received.
                 That connection is identified/found by a matching
                 value in attribute rpkiRtrCacheServerId."
    ::= { rpkiRtrPrefixOriginTableEntry 6 }

-- ==============================================================
-- Notifications
-- ==============================================================

rpkiRtrCacheServerConnectionStateChange NOTIFICATION-TYPE
    OBJECTS    { rpkiRtrCacheServerConnectionStatus,
                 rpkiRtrCacheServerLatestSerial,
                 rpkiRtrCacheServerNonce
               }
    STATUS       current
    DESCRIPTION "This notification signals a change in the value
                 of rpkiRtrCacheServerConnectionStatus for a
                 connection to an RPKI cache server.

                 The SNMP agent MUST throttle the generation of
                 consecutive rpkiRtrCacheServerConnectionStateChange
                 notifications such that there is at least a
                 5 second gap between them.
                "
    ::= { rpkiRtrNotifications 1 }

rpkiRtrCacheServerConnectionToGoStale NOTIFICATION-TYPE
    OBJECTS    { rpkiRtrCacheServerV4ActiveRecords,
                 rpkiRtrCacheServerV6ActiveRecords,
                 rpkiRtrCacheServerLatestSerial,
                 rpkiRtrCacheServerNonce,
                 rpkiRtrCacheServerRefreshTimer,
                 rpkiRtrCacheServerTimeToRefresh
               }
    STATUS       current
    DESCRIPTION "This notification signals that an RPKI cache
                 server connection is about to go stale.
                 It is suggested that this notification is
                 generated when the value of the
                 rpkiRtrCacheServerTimeToRefresh attribute
                 goes below 60 seconds.

                 The SNMP agent MUST throttle the generation of
                 consecutive rpkiRtrCacheServerConnectionToGoStale
                 notifications such that there is at least a
                 5 second gap between them.
                "
    ::= { rpkiRtrNotifications 2 }

-- ==============================================================
-- Module Compliance information
-- ==============================================================

rpkiRtrCompliances OBJECT IDENTIFIER ::=
    { rpkiRtrConformance 1 }
rpkiRtrGroups      OBJECT IDENTIFIER ::=
    { rpkiRtrConformance 2 }

rpkiRtrReadOnlyCompliance MODULE-COMPLIANCE
    STATUS       current
    DESCRIPTION "The compliance statement for the rpkiRtrMIB
                 module.  There are only read-only objects in this
                 MIB module, so the 'ReadOnly' in the name of this
                 compliance statement is there only for clarity
                 and truth in advertising.
                "
    MODULE  -- This module
        MANDATORY-GROUPS { rpkiRtrCacheServerGroup,
                           rpkiRtrPrefixOriginGroup,
                           rpkiRtrNotificationsGroup
                         }
        GROUP        rpkiRtrCacheServerErrorsGroup
        DESCRIPTION "Implementation of this group is optional and
                     would be useful for debugging."
    ::= { rpkiRtrCompliances 1 }

rpkiRtrCacheServerGroup OBJECT-GROUP
    OBJECTS    { rpkiRtrDiscontinuityTimer,
                 rpkiRtrCacheServerLocalAddress,
                 rpkiRtrCacheServerLocalPort,
                 rpkiRtrCacheServerPreference,
                 rpkiRtrCacheServerConnectionType,
                 rpkiRtrCacheServerConnectionStatus,
                 rpkiRtrCacheServerDescription,
                 rpkiRtrCacheServerMsgsReceived,
                 rpkiRtrCacheServerMsgsSent,
                 rpkiRtrCacheServerV4ActiveRecords,
                 rpkiRtrCacheServerV4Announcements,
                 rpkiRtrCacheServerV4Withdrawals,
                 rpkiRtrCacheServerV6ActiveRecords,
                 rpkiRtrCacheServerV6Announcements,
                 rpkiRtrCacheServerV6Withdrawals,
                 rpkiRtrCacheServerLatestSerial,
                 rpkiRtrCacheServerNonce,
                 rpkiRtrCacheServerRefreshTimer,
                 rpkiRtrCacheServerTimeToRefresh,
                 rpkiRtrCacheServerId
               }
    STATUS       current
    DESCRIPTION "The collection of objects to monitor the RPKI peer
                 connections."
880 ::= { rpkiRtrGroups 1 } 882 rpkiRtrCacheServerErrorsGroup OBJECT-GROUP 883 OBJECTS { rpkiRtrCacheServerErrorsCorruptData, 884 rpkiRtrCacheServerErrorsInternalError, 885 rpkiRtrCacheServerErrorsNoData, 886 rpkiRtrCacheServerErrorsInvalidRequest, 887 rpkiRtrCacheServerErrorsUnsupportedVersion, 888 rpkiRtrCacheServerErrorsUnsupportedPdu, 889 rpkiRtrCacheServerErrorsWithdrawalUnknown, 890 rpkiRtrCacheServerErrorsDuplicateAnnounce 891 } 892 STATUS current 893 DESCRIPTION "The collection of objects that may help in 894 debugging the communication between rpki 895 clients and cache servers." 896 ::= { rpkiRtrGroups 2 } 898 rpkiRtrPrefixOriginGroup OBJECT-GROUP 899 OBJECTS { rpkiRtrPrefixOriginMaxLength, 900 rpkiRtrPrefixOriginASN, 901 rpkiRtrPrefixOriginCacheServerId 902 } 903 STATUS current 904 DESCRIPTION "The collection of objects that represent 905 the prefix(es) and their validated origin 906 ASes." 907 ::= { rpkiRtrGroups 3 } 909 rpkiRtrNotificationsGroup NOTIFICATION-GROUP 910 NOTIFICATIONS { rpkiRtrCacheServerConnectionStateChange, 911 rpkiRtrCacheServerConnectionToGoStale 912 } 913 STATUS current 914 DESCRIPTION "The set of notifications to alert an NMS of change 915 in connections to RPKI cache servers." 916 ::= { rpkiRtrGroups 4 } 918 END 920 5. IANA Considerations 922 The MIB module in this document will required an IANA assigned OBJECT 923 IDENTIFIER within the SMI Numbers registry. For example, replacing 924 XXX below: 926 Descriptor OBJECT IDENTIFIER value 927 ---------- ----------------------- 928 rpkiRouter { mib-2 XXX } 930 6. Security Considerations 932 There are no management objects defined in this MIB module that have 933 a MAX-ACCESS clause of read-write and/or read-create. So, if this 934 MIB module is implemented correctly, then there is no risk that an 935 intruder can alter or create any management objects of this MIB 936 module via direct SNMP SET operations. 
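   This section goes on to recommend SNMPv3 with cryptographic
   authentication and privacy, and access limited to principals with a
   legitimate need.  The following is an added example, not part of
   this draft and not a net-snmp tool, that checks a net-snmp style
   snmpd.conf against exactly those points: SNMPv1/v2c community access,
   SNMPv3 users granted less than authPriv, weak USM algorithms, write
   access to a read-only MIB, and read access not scoped to the
   rpkiRouter subtree.  The directive syntax (rocommunity, rwcommunity,
   com2sec, createUser, rouser, rwuser, view) is net-snmp's; the two
   configurations are constructed for the example, and the .XXX in the
   hardened view is the arc left for IANA to assign.

```python
"""Audit a net-snmp style snmpd.conf against the Security Considerations
of the RPKI-Router MIB.  Added example, not part of the draft; the
directive syntax is net-snmp's, the configurations are constructed."""
import shlex

# SNMPv1/v2c community directives: the "SNMP versions prior to SNMPv3"
# case that the draft says is NOT RECOMMENDED.
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6",
                        "rwcommunity6", "com2sec", "com2sec6"}
WEAK_AUTH_PROTOCOLS = {"MD5"}
WEAK_PRIV_PROTOCOLS = {"DES"}


def audit_snmpd_conf(text):
    """Return a list of (line_number, code, message) findings."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Naive comment stripping: a '#' inside a quoted passphrase would be
        # cut here, so keep '#' out of passphrases in real configurations.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            parts = shlex.split(line)          # honours quoted passphrases
        except ValueError:
            findings.append((lineno, "unparseable", line))
            continue
        directive = parts[0].lower()

        if directive in COMMUNITY_DIRECTIVES:
            findings.append((lineno, "community",
                             f"{parts[0]}: SNMPv1/v2c community access "
                             "(cleartext, no user authentication); use SNMPv3"))
        elif directive in ("rouser", "rwuser") and len(parts) >= 2:
            # rouser USER [noauth|auth|priv [OID | -V VIEW]]; net-snmp's
            # default minimum level is auth, which still sends values in clear.
            level = parts[2].lower() if len(parts) >= 3 else "auth"
            if level != "priv":
                findings.append((lineno, "no-privacy",
                                 f"{parts[1]}: level '{level}' does not encrypt "
                                 "object values; require priv"))
            if directive == "rwuser":
                findings.append((lineno, "write-access",
                                 f"{parts[1]}: rwuser grants SET; this MIB is "
                                 "read-only, rouser is sufficient"))
            if len(parts) < 4:
                findings.append((lineno, "unscoped",
                                 f"{parts[1]}: no OID/view restriction; the user "
                                 "can read the whole agent, not just rpkiRouter"))
        elif directive == "createuser" and len(parts) >= 2:
            args = parts[1:]
            if args[:1] == ["-e"]:             # optional explicit engine ID
                args = args[2:]
            # args: USER AUTHPROTO AUTHPASS [PRIVPROTO [PRIVPASS]]
            user = args[0] if args else "?"
            if len(args) >= 2 and args[1].upper() in WEAK_AUTH_PROTOCOLS:
                findings.append((lineno, "weak-auth",
                                 f"{user}: {args[1]} authentication is weak; use SHA"))
            if len(args) < 4:
                findings.append((lineno, "no-priv-protocol",
                                 f"{user}: no privacy protocol, so priv access "
                                 "cannot be granted to this user"))
            elif args[3].upper() in WEAK_PRIV_PROTOCOLS:
                findings.append((lineno, "weak-priv",
                                 f"{user}: {args[3]} privacy is weak; use AES"))
    return findings


# Constructed weak configuration: what the Security Considerations warn against.
WEAK_CONF = """\
rocommunity public
rwcommunity private 10.0.0.0/8
createUser nms MD5 "letmein"
rouser nms noauth
"""

# Constructed hardened configuration: SNMPv3 only, authPriv, read-only,
# scoped to the rpkiRouter subtree.  XXX is the arc the draft leaves for
# IANA to assign; substitute the real value once assigned.
HARDENED_CONF = """\
view rpkiview included .1.3.6.1.2.1.XXX
createUser nms SHA "correct horse battery staple" AES "another long passphrase"
rouser nms priv -V rpkiview
"""

if __name__ == "__main__":
    for lineno, code, msg in audit_snmpd_conf(WEAK_CONF):
        print(f"weak.conf:{lineno}: {code}: {msg}")
    print("hardened findings:", audit_snmpd_conf(HARDENED_CONF))
```

   The view restriction is the part most often skipped: an SNMPv3 user
   with authPriv but no view still reads every MIB the agent serves,
   which is more than the operator of this MIB intended to expose.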
   Most of the readable objects in this MIB module (i.e., objects with a
   MAX-ACCESS other than not-accessible) may be considered sensitive or
   vulnerable in some network environments.  They are vulnerable in the
   sense that when an intruder sees the information in this MIB module,
   it might help him/her to set up an attack on the router or cache
   server.  For example, rpkiRtrCacheServerLocalAddress,
   rpkiRtrCacheServerLocalPort and rpkiRtrCacheServerConnectionType
   reveal which cache servers a router depends on and how it reaches
   them, and the prefix/origin objects reveal the validated origin data
   the router is acting on.  It is thus important to control even GET
   and/or NOTIFY access to these objects and possibly to even encrypt
   the values of these objects when sending them over the network via
   SNMP.

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   there is still no control as to who on the secure network is allowed
   to access and GET/SET (read/change/create/delete) the objects in this
   MIB module.

   It is RECOMMENDED that implementers consider the security features as
   provided by the SNMPv3 framework (see [RFC3410], section 8),
   including full support for the SNMPv3 cryptographic mechanisms (for
   authentication and privacy).

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

7.  References

7.1.  Normative References

   [I-D.ietf-sidr-rpki-rtr]
              Bush, R. and R. Austein, "The RPKI/Router Protocol",
              draft-ietf-sidr-rpki-rtr-18 (work in progress),
              October 2011.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2287]  Krupczak, C. and J. Saperia, "Definitions of System-Level
              Managed Objects for Applications", RFC 2287,
              February 1998.

   [RFC2578]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Structure of Management Information Version 2 (SMIv2)",
              STD 58, RFC 2578, April 1999.

   [RFC2579]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Textual Conventions for SMIv2", STD 58, RFC 2579,
              April 1999.

   [RFC2580]  McCloghrie, K., Perkins, D., and J. Schoenwaelder,
              "Conformance Statements for SMIv2", STD 58, RFC 2580,
              April 1999.

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for Internet-
              Standard Management Framework", RFC 3410, December 2002.

   [RFC4001]  Daniele, M., Haberman, B., Routhier, S., and J.
              Schoenwaelder, "Textual Conventions for Internet Network
              Addresses", RFC 4001, February 2005.

7.2.  Informative References

   [RFC1982]  Elz, R. and R. Bush, "Serial Number Arithmetic", RFC 1982,
              August 1996.

   [RFC2385]  Heffernan, A., "Protection of BGP Sessions via the TCP MD5
              Signature Option", RFC 2385, August 1998.

   [RFC4252]  Ylonen, T. and C. Lonvick, "The Secure Shell (SSH)
              Authentication Protocol", RFC 4252, January 2006.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246, August 2008.

   [RFC5925]  Touch, J., Mankin, A., and R. Bonica, "The TCP
              Authentication Option", RFC 5925, June 2010.

Authors' Addresses

   Randy Bush
   Internet Initiative Japan
   5147 Crystal Springs
   Bainbridge Island, Washington  98110
   US

   Phone: +1 206 780 0431 x1
   Email: randy@psg.com


   Bert Wijnen
   RIPE NCC
   Schagen 33
   3461 GL Linschoten
   Netherlands

   Email: bertietf@bwijnen.net


   Keyur Patel
   Cisco Systems
   170 W. Tasman Drive
   San Jose, CA  95134
   USA

   Email: keyupate@cisco.com


   Michael Baer
   SPARTA
   P.O. Box 72682
   Davis, CA  95617
   USA

   Email: michael.baer@sparta.com
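   The two notifications in the MIB module above each carry a MUST: the
   agent has to keep at least a 5 second gap between consecutive
   notifications of the same type, and the ToGoStale notification is
   suggested once rpkiRtrCacheServerTimeToRefresh drops below 60
   seconds.  The following is an added example, not part of the draft
   and not any router's implementation, of how an agent can meet both
   without the failure mode that naive rate limiting has: if a flapping
   cache connection's notifications are simply dropped inside the gap,
   the NMS can be left believing the wrong final state.  The throttle
   here holds the newest payload per cache server and sends it once the
   gap has elapsed, so the queue is bounded by the number of servers and
   the last transition always arrives; the stale warning is edge
   triggered and re-armed on refresh.  The connection status strings,
   the row values and the timeline are constructed for the example; the
   draft's actual enumeration for rpkiRtrCacheServerConnectionStatus is
   not reproduced.

```python
"""Coalescing throttle for rpkiRtrCacheServerConnectionStateChange and
rpkiRtrCacheServerConnectionToGoStale.  Added example, not part of the
draft; status labels, row values and the timeline are constructed."""
from dataclasses import dataclass

MIN_GAP_SECONDS = 5.0        # draft: at least 5 s between consecutive notifications
STALE_WARNING_SECONDS = 60   # draft: suggested trigger for ...ToGoStale


@dataclass
class CacheServerRow:
    """The rpkiRtrCacheServerTable columns the two notifications carry."""
    connection_status: str   # assumed labels such as "established" / "closed"
    latest_serial: int
    nonce: int
    refresh_timer: int
    time_to_refresh: int
    v4_active_records: int
    v6_active_records: int


class NotificationThrottle:
    """Rate-limit one notification type without losing the final state:
    the newest payload per cache server is held and sent, oldest server
    first, once the gap since the last send has elapsed."""

    def __init__(self, min_gap):
        self.min_gap = min_gap
        self.last_sent = None
        self.pending = {}        # server_id -> newest payload, insertion ordered

    def _gap_elapsed(self, now):
        return self.last_sent is None or now - self.last_sent >= self.min_gap

    def offer(self, now, server_id, payload):
        self.pending[server_id] = payload   # newer payload supersedes older
        return self.flush(now)

    def flush(self, now):
        """Send at most one held payload if the gap has elapsed, else None."""
        if not self.pending or not self._gap_elapsed(now):
            return None
        server_id = next(iter(self.pending))
        payload = self.pending.pop(server_id)
        self.last_sent = now
        return payload


class RpkiRtrNotifier:
    def __init__(self):
        self.state_change = NotificationThrottle(MIN_GAP_SECONDS)
        self.to_go_stale = NotificationThrottle(MIN_GAP_SECONDS)
        self.prev_status = {}
        self.stale_warned = {}   # edge trigger: one warning per refresh cycle
        self.sent = []           # everything handed to the NMS, in order

    def poll(self, now, server_id, row):
        """Sample one table row at time `now`; return notifications sent now."""
        out = []
        if self.prev_status.get(server_id) != row.connection_status:
            self.prev_status[server_id] = row.connection_status
            out.append(self.state_change.offer(now, server_id, {
                "notification": "rpkiRtrCacheServerConnectionStateChange",
                "rpkiRtrCacheServerId": server_id,
                "rpkiRtrCacheServerConnectionStatus": row.connection_status,
                "rpkiRtrCacheServerLatestSerial": row.latest_serial,
                "rpkiRtrCacheServerNonce": row.nonce}))
        else:
            out.append(self.state_change.flush(now))

        if row.time_to_refresh < STALE_WARNING_SECONDS:
            if not self.stale_warned.get(server_id):
                self.stale_warned[server_id] = True
                out.append(self.to_go_stale.offer(now, server_id, {
                    "notification": "rpkiRtrCacheServerConnectionToGoStale",
                    "rpkiRtrCacheServerId": server_id,
                    "rpkiRtrCacheServerV4ActiveRecords": row.v4_active_records,
                    "rpkiRtrCacheServerV6ActiveRecords": row.v6_active_records,
                    "rpkiRtrCacheServerLatestSerial": row.latest_serial,
                    "rpkiRtrCacheServerNonce": row.nonce,
                    "rpkiRtrCacheServerRefreshTimer": row.refresh_timer,
                    "rpkiRtrCacheServerTimeToRefresh": row.time_to_refresh}))
            else:
                out.append(self.to_go_stale.flush(now))
        else:
            self.stale_warned[server_id] = False   # refreshed: re-arm the warning
            out.append(self.to_go_stale.flush(now))

        sent_now = [n for n in out if n is not None]
        self.sent.extend(sent_now)
        return sent_now


def simulate_flapping_cache():
    """Constructed timeline: one cache server flapping inside the 5 s gap,
    then nearly going stale, then refreshing.  Returns what the NMS saw."""
    agent = RpkiRtrNotifier()

    def row(status, ttr, serial):
        return CacheServerRow(status, serial, 0xC0FFEE, 3600, ttr, 120000, 20000)

    agent.poll(0.0, 1, row("established", 3600, 100))    # sent at once
    agent.poll(1.0, 1, row("closed", 3600, 100))         # held: inside the gap
    agent.poll(2.0, 1, row("established", 3600, 101))    # supersedes the held one
    agent.poll(3.0, 1, row("closed", 3600, 101))         # supersedes again
    agent.poll(6.0, 1, row("closed", 3600, 101))         # gap elapsed: "closed" sent
    agent.poll(100.0, 1, row("closed", 59, 101))         # below 60 s: stale warning
    agent.poll(101.0, 1, row("closed", 58, 101))         # still below: no repeat
    agent.poll(200.0, 1, row("established", 3600, 102))  # refreshed and reconnected
    return agent.sent
```

   Coalescing means the NMS does not see every flap (the brief
   "established" at serial 101 in the timeline is never sent); an NMS
   that needs the flap count should poll the rpkiRtrCacheServerGroup
   counters rather than rely on notifications alone.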